freeVSD Enables Safe Experimentation

Using freeVSD enables self-sufficient systems and can save software headaches.

I work in an environment where software
developers and system administrators with varying capabilities
aggressively and routinely use Linux. We frequently explore new
applications but sometimes hesitate to actually initiate an
installation because we lack confidence in the software. Our
concern is that rogue software might disrupt essential services on
production servers. In extreme cases, it is even possible that a
poorly written installer might corrupt a workstation's operating
system installation.

Typically, implementing even a slightly complicated
application that interacts with the web server requires installing
the application, adding a new user (for suid operation), adding
lines to httpd.conf, restarting the web server and creating and
manipulating files in root-owned places like /etc or /usr/local/.
All of this has to be undone if we later decide not to put the
system into production use. While uninstall scripts can assist in
this, these scripts could fail, leaving the system in an
indeterminate state.

freeVSD is a GPL product initially conceived to enable an ISP
to provide virtual server hosting. It can also transform a stock
Red Hat installation into a powerful, low-cost testing environment.
freeVSD works by simulating up to 250 full-featured private
servers. Hard links to system files facilitate compact and
homogeneous environments for each virtual server. Logins to the
virtual servers are restricted via the native
chroot facility, effectively
creating a secure sandbox.
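
As an added illustration (not part of the original article or of freeVSD): hard-linked files share one inode, so an in-place write through any link changes the file everywhere it is linked. The Python audit below lists files in one virtual server's tree that have links outside that tree and are writable by an untrusted account; the function names, the skel/vs1 layout and the trusted-UID policy are assumptions made for the example.

```python
import os
import stat
import tempfile
from collections import defaultdict

def audit_shared_files(vs_root, trusted_uids=(0,)):
    """Report regular files under vs_root that also have hard links outside it
    and can be written by an account not listed in trusted_uids."""
    links = defaultdict(list)      # (device, inode) -> paths found inside vs_root
    info = {}
    for dirpath, _dirs, files in os.walk(vs_root):   # symlinked dirs not followed
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode):
                links[(st.st_dev, st.st_ino)].append(path)
                info[(st.st_dev, st.st_ino)] = st
    findings = []
    for key, paths in links.items():
        st = info[key]
        external = st.st_nlink - len(paths)   # directory entries outside vs_root
        if external <= 0:
            continue                          # private to this virtual server
        checks = [(st.st_uid not in trusted_uids, "untrusted owner"),
                  (st.st_mode & stat.S_IWGRP, "group-writable"),
                  (st.st_mode & stat.S_IWOTH, "world-writable")]
        reasons = [label for hit, label in checks if hit]
        if reasons:
            rel = os.path.relpath(min(paths), vs_root)
            findings.append((rel, external, reasons))
    return sorted(findings)

def build_demo_tree(base):
    """Constructed sample: a skeleton and one virtual server hard-linked to it."""
    for rel, mode in (("bin/tool", 0o755), ("etc/motd", 0o666)):
        src = os.path.join(base, "skel", rel)
        dst = os.path.join(base, "vs1", rel)
        os.makedirs(os.path.dirname(src), exist_ok=True)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        with open(src, "w") as fh:
            fh.write("sample\n")
        os.chmod(src, mode)
        os.link(src, dst)          # same inode, second directory entry
    return os.path.join(base, "vs1")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_shared_files(build_demo_tree(tmp), trusted_uids={os.getuid()}))
```

On a real host, pass the virtual server's root directory and the UIDs you consider trusted; an empty result means no shared inode in that tree is writable by anyone else.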

Now, we can experiment recklessly, hand the keys over to
inexperienced juniors or casually grant root privileges to
strangers, with little concern for negative consequences.

From the system administrator's standpoint, freeVSD enables
you to create multiple self-sufficient systems, each with its own
administrative account and the ability to manage user accounts, as
well as the ability to configure its own web services, mail
services and database server—a “Lite” version of Linux, if you
will.

freeVSD was originally developed for an ISP in the United
Kingdom and has been under development for three years. Based on
mailing list archives, freeVSD seems popular and well supported.
Questions are answered quickly, either by users or the
developers.

Many significant functions of each virtual server can be
administered by a rootlike account named Admin. For example, the
Admin account can add users, manipulate their privileges, make
changes to httpd.conf, restart various aspects of the server and so
on.

Installing freeVSD

Installing freeVSD can be a bit tricky. You need to be
especially careful if you intend to restore the host system back to
its original configuration. As always, it is imperative to back up
anything you are not comfortable with catastrophically losing.
According to the web site, support for Debian, Mandrake and
Slackware is forthcoming, but so far only Red Hat 6.x and 7.x are
officially supported. Version 1.4.6 introduces support for Red Hat
7.0, but Red Hat 6.2 seems to have more of the kinks worked
out.

It is recommended that freeVSD be installed on a nearly
pristine system. Start with a freshly installed Red Hat 6.2. Then
decide whether you want any special server software available, such
as MySQL, Postgres or PHP. Apply patches. Ideally, all applications
should be installed before configuring freeVSD. Note that freeVSD
works quite well under VMware, which might prevent a bit of stress
during the first few installs. You'll probably need around 800MB of
free disk space to accommodate the filesystem skeleton.

I assume you have or can obtain a FQDN or dedicated IP number
for your first virtual host (freeVSD uses IP aliases). Of course,
you need to be sure to obtain permission from whoever is in charge
of your network before engaging in behavior that might be
considered aggressive.

Then choose a name for your first virtual host. A good idea
might be the hostname (e.g., “myhost” if your FQDN is
myhost.mydomain.com) or the domain name (mydomain), if you are
providing hosting for multiple domains.

Here's an overview of the freeVSD install process, described
in detail by the file /usr/doc/freevsd-x.y.z/user-guide.txt.

1. Install main RPM (e.g., freevsd-1.4.6-2.i386.rpm).

2. Install pkgs RPM (e.g., freevsd-pkgs-1.4.6-1.i386.rpm).

3. Run /usr/sbin/vsd-install.pl.

4. Run /usr/sbin/vsd-genskel.pl (several hundred megabytes will be
   copied during this process, so be patient). It is simple to
   customize this installation process. The file /etc/freevsd.conf
   provides several customization opportunities to specify files to
   include and exclude during skeleton generation. Red Hat 7.x users
   may need to tweak /etc/xinetd.conf and/or restart xinetd at this
   point.

Then, run /usr/sbin/vsd-uninstall.pl to
restore configurations and optionally delete files. Take care to
answer these questions correctly the first time as you won't get a
second chance, and you will have to restore configurations
manually. Finally, remove the pkgs and main RPMs.
